kubes_google 0.3.9 → 0.3.10

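--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d593aeda0613c869927cc4a394a6074f2cb0b37a65a300c34e2c1843795665fd
- data.tar.gz: 612e010ffb671cbe6fae182be9013c0d0e0a35360ea74a3b241e31852ede785c
+ metadata.gz: cb741f591115d3b288978ec1f2c3a442d911bfd4553f0a606eb9c579c32e20bd
+ data.tar.gz: 48809f850b487a187ffe12188c9ea7fb2a9446bbdd798b5aaf5a4cc76bf3f784
  SHA512:
- metadata.gz: '03709e5092eb0d4bdee232a60a3bd7369eff75e2b58591716fdc5a9e6d4833c5529740ee488e0a1cc2c04f389bb350e78bdbfd98c3d1b8d34717edd35025be90'
- data.tar.gz: 492c3b693b2f44db71b08dabc1a66d1a45e3b776efab24292f438be1c94da5f9caf295c0da36e8c058f3f5b4d5cfff7c3f801135d1aaa164992bda2f7053368e
+ metadata.gz: 227d531538e94ce3a1746aa28b3fe9de339e45cf8450edc1171c304d4fc6f49e2041206fe70d0de8620a3a61d583ccb831114a114a50b9f20da15a668faabba7
+ data.tar.gz: b44bf02993394a774e6e45225650bd2e952c63080171df243a2fdd6adbedad1284350464a3ee2da1508fcb4fd4a56cf40c7f8b680dc68b0c1b9f94ee4e521162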
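--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -3,6 +3,12 @@
  All notable changes to this project will be documented in this file.
  This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+ ## [0.3.10] - 2022-08-19
+ - [#11](https://github.com/boltops-tools/kubes_google/pull/11) Google service account fixes
+ - KUBES_MOCK_SECRET ability
+ - dont add project iam binding if already exists
+ - fix iam service has_role? check
+
  ## [0.3.9] - 2022-02-16
  - [#10](https://github.com/boltops-tools/kubes_google/pull/10) google_secret_data helper
 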
@@ -10,8 +10,13 @@ class KubesGoogle::Secrets
10
10
  @@cache = {}
11
11
  def fetch(short_name)
12
12
  return @@cache[short_name] if @@cache[short_name]
13
- logger.debug "Fetching secret: #{short_name}"
14
- @@cache[short_name] = fetcher.fetch(short_name)
13
+ if ENV['KUBES_MOCK_SECRET']
14
+ logger.info "KUBES_MOCK_SECRET=1 is set. Mocking secret: #{short_name}"
15
+ @@cache[short_name] = "mock"
16
+ else
17
+ logger.debug "Fetching secret: #{short_name}"
18
+ @@cache[short_name] = fetcher.fetch(short_name)
19
+ end
15
20
  rescue KubesGoogle::VpnSslError
16
21
  logger.info "Retry fetching secret with the gcloud strategy"
17
22
  fetcher = Gcloud.new(@options)
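Review bot: The guard `if ENV['KUBES_MOCK_SECRET']` is true for any value of the variable, including `0`, `false` or an empty string, although the log line advertises `KUBES_MOCK_SECRET=1`. When it fires, every secret resolves to the literal `"mock"` and is stored in the class-level `@@cache`, so a variable left set in a CI or deploy environment would presumably put placeholder values where real credentials are expected, with only an info-level line to show for it. I would compare explicitly, `if ENV['KUBES_MOCK_SECRET'] == '1'`, and log the mocked path at warn level so such a run stands out. The body of `fetch` continues past the end of this hunk.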
@@ -34,14 +34,14 @@ module KubesGoogle
34
34
  logger.debug "Creating GKE IAM Binding"
35
35
  member = "serviceAccount:#{@google_project}.svc.id.goog[#{@namespace}/#{@ksa}]"
36
36
 
37
- found = sh "gcloud iam service-accounts get-iam-policy #{@service_account} | grep -F #{member} > /dev/null"
37
+ found = sh "gcloud iam service-accounts get-iam-policy '#{@service_account}' | grep -F '#{member}' > /dev/null"
38
38
  return if found
39
39
 
40
40
  sh "gcloud iam service-accounts add-iam-policy-binding \
41
41
  --role roles/iam.workloadIdentityUser \
42
- --member #{member} \
42
+ --member '#{member}' \
43
43
  --condition=None \
44
- #{@service_account}".squish
44
+ '#{@service_account}'".squish
45
45
  end
46
46
 
47
47
  def add_roles
@@ -58,21 +58,28 @@ module KubesGoogle
58
58
  end
59
59
 
60
60
  def has_role?(role)
61
- out = capture "gcloud projects get-iam-policy #{@google_project} --format json"
62
- data = JSON.load(out)
61
+ data = project_iam_policies
63
62
  bindings = data['bindings']
64
63
  binding = bindings.find { |b| b['role'] == role }
65
64
  return false unless binding
66
- binding['members'].include?(@service_account)
65
+ binding['members'].include?("serviceAccount:#{@service_account}")
66
+ end
67
+
68
+ @@project_iam_policies = nil
69
+ def project_iam_policies
70
+ return @@project_iam_policies if @@project_iam_policies
71
+ logger.debug "=> gcloud projects get-iam-policy #{@google_project} --format json"
72
+ out = capture "gcloud projects get-iam-policy #{@google_project} --format json"
73
+ @@project_iam_policies = JSON.load(out)
67
74
  end
68
75
 
69
76
  def add_role(role)
70
77
  return if has_role?(role)
71
78
 
72
79
  sh "gcloud projects add-iam-policy-binding #{@google_project} \
73
- --member=serviceAccount:#{@service_account} \
80
+ --member='serviceAccount:#{@service_account}' \
74
81
  --condition=None \
75
- --role=#{role} > /dev/null".squish
82
+ --role='#{role}' > /dev/null".squish
76
83
  end
77
84
  end
78
85
  end
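Review bot: Wrapping the interpolated values in single quotes, as the `get-iam-policy ... | grep -F '#{member}'` line and the two `add-iam-policy-binding` calls now do, is not shell escaping: a value that itself contains a single quote still ends the quoted string, and `#{@google_project}` is left bare in both `project_iam_policies` and `add_role`. Where these instance variables are set is not visible in these hunks, so if any of them can come from user-supplied configuration I would escape each one with the stdlib helper, e.g. `--member #{Shellwords.escape(member)}` and `gcloud projects get-iam-policy #{Shellwords.escape(@google_project)} --format json`. Separately, `@@project_iam_policies` is a single class variable, so the cached policy is reused by instances with a different `@google_project` and is not refreshed after `add_role` changes the bindings. Keeping the cache in a hash keyed by project and clearing the entry after a successful add would keep `has_role?` accurate.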
@@ -1,3 +1,3 @@
1
1
  module KubesGoogle
2
- VERSION = "0.3.9"
2
+ VERSION = "0.3.10"
3
3
  end
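--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: kubes_google
  version: !ruby/object:Gem::Version
- version: 0.3.9
+ version: 0.3.10
  platform: ruby
  authors:
  - Tung Nguyen
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2022-02-16 00:00:00.000000000 Z
+ date: 2022-08-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -160,7 +160,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.32
+ rubygems_version: 3.3.12
  signing_key:
  specification_version: 4
  summary: Kubes Google Helpers Library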